Update templates for Traefik version 2

defaults/main.yml

@@ -0,0 +1,2 @@
+---
+default_rule: "{% raw %}Host(`{{ normalize .Name }}.example.domain`){% endraw %}"

templates/docker-compose.yml.j2

@@ -1,23 +1,27 @@
-version: '2'
+version: '3.6'
 
 networks:
-  web:
+  traefik_web:
     driver: "bridge"
 
 services:
   proxy:
-    image: "traefik:1.6.6"
-    command: "--logLevel=ERROR"
+    image: "traefik:v2.2"
+    # command: "--logLevel=ERROR"
     ports:
       - "80:80"
       - "443:443"
     volumes:
       - "/var/run/docker.sock:/var/run/docker.sock:ro"
-      - "{{ reverseproxy.data }}/:/cert/"
+      - "{{ reverseproxy.data }}/:/letsencrypt/"
       - "{{ reverseproxy.conf }}/:/etc/traefik/:ro"
     labels:
-      - "traefik.enable=false" # set to true to expose Monitoring & API
-      - "traefik.backend=proxy"
-      - "traefik.port=8080"
+      - "traefik.enable=true"
+      ## global redirect to https
+      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
+      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
+      - "traefik.http.routers.http-catchall.entrypoints=web"
+      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
     networks:
-      - "web"
+      - "traefik_web"
+

templates/traefik.toml.j2

@@ -1,58 +1,42 @@
-# accept self-signed SSL certs for backends
-InsecureSkipVerify = true
+[global]
+  checkNewVersion = false
+  sendAnonymousUsage = false
 
-defaultEntryPoints = ["http", "https"]
-
-[acme]
-email = "{{ reverseproxy.letsencrypt_email }}"
-storage = "cert/acme.json"
-entryPoint = "https"
-onDemand = false
-OnHostRule = true
-
-[acme.httpChallenge]
-entryPoint = "http"
+[serversTransport]
+  insecureSkipVerify = true
 
 [entryPoints]
-  [entryPoints.http]
+  [entryPoints.web]
     address = ":80"
-      [entryPoints.http.redirect]
-        entryPoint = "https"
-  [entryPoints.https]
+
+  [entryPoints.websecure]
     address = ":443"
-      [entryPoints.https.tls]
-
-[web]
-# own web server address (displays statistics)
-address = ":8080"
-
-[docker]
-endpoint = "unix:///var/run/docker.sock"
-domain = "docker.local"
-watch = true
-exposedbydefault = false
-
-# new domains and subdomains can be configured here.
-# note that domains and subdomains not defined in this file will still work,
-# when defined in a container Host-Rule. However, they will generate
-# their own ACME request, and will count towards LetsEncrypt's rate limit.
-#
-#[[acme.domains]]
-#  main = "example.com"
-#  sans = [
-#    # services
-#    "mumble.example.com",
-#    # ...
-#
-#    # web vhosts:
-#    "www.example.com",
-#    "git.example.com",
-#    "mail.example.com",
-#    "chat.example.com",
-#  ]
-
-# You can define multiple of these blocks, each of which will result in one
-# certificate.
-#[[acme.domains]]
-#  main = "example.org"
-#  sans = ["www.example.org", "mail.example.org"]
+
+[log]
+  level = "INFO"
+
+[accessLog]
+  format = "common"
+  filePath = "/dev/null"
+
+# [api]
+#   dashboard = true
+
+# [metrics]
+#   [metrics.prometheus]
+#     entryPoint = "traefik"
+#     buckets = [0.1,0.3,1.2,5.0]
+# [ping]
+
+[providers.docker]
+  network = "traefik_web"
+  exposedByDefault = false
+  defaultRule = "{{ reverseproxy.default_rule | default(default_rule, true) }}"
+
+[certificatesResolvers.mytls.acme]
+  email = "{{ reverseproxy.letsencrypt_email }}"
+  storage = "/letsencrypt/acme.json"
+  [certificatesResolvers.mytls.acme.httpChallenge]
+    # used during the challenge
+    entryPoint = "web"
+